Category:OWASP CAL9000 Project

PREVIOUS NOTE

This project, while still useful, is pretty much dormant and orphaned by the project lead.

Overview

CAL9000 is a collection of web application security testing tools that complement the feature set of current web proxies and automated scanners. CAL9000 gives you the flexibility and functionality you need for more effective manual testing efforts. Works best when used with Firefox or Internet Explorer.

CAL9000 is written in JavaScript, so you have full access to the source code. Feel free to modify it to best suit your particular needs. CAL9000 has some powerful features (like executing cross-domain xmlHttpRequests and writing to disk). It is purposefully designed to do some horribly insecure things. Therefore, I would strongly encourage that you only run it locally and NOT off of a server.

Take a few moments to check out the CAL9000 built-in Help file for information about all of the new features and some potential gotchas (browser quirks, xmlHttpRequest limitations, etc.)

Please only use this tool for testing your own applications or those that you have been authorized to test.

Features

XSS Attacks - This is a listing of the XSS Attack Info from RSnake. You can filter the listing based on which browsers the attacks work in, test them, apply RegEx filters and create/edit/save/delete your own attacks.

Project Contributors

Chris Loomis wrote the CAL9000 tool and currently leads the project. Any and all questions, comments or suggestions are welcome and may be directed here or submitted via the mailing list.

Thanks to everyone who has emailed me their comments and great suggestions for enhancing CAL9000. Keep the ideas coming! Special thanks to Achim Hoffmann for his significant contributions of code and time to the project.

Geeze, Really helpful stuff.

Feedback and Participation:

We hope that you find the OWASP CAL9000 Project useful. Please contribute to the Project by volunteering for one of the Tasks and/or sending your comments, questions and suggestions to owasp@owasp.org. To join the OWASP CAL9000 Project mailing list or to view the archives, please visit the subscription page.